Interoperability and openness are concepts that have a tendency to turn technical quickly. But for McAfee, it goes beyond software. To stay cybersecure, organisations need to build in openness in their company structures, ensuring that different departments, from engineering, to legal, HR and business development teams all work together to protect the company and its assets.
At McAfee, we’ve embedded openness and interoperability both in how we develop our software and in the way the company works because it’s good for business. Increasingly we see that in a maturing cybersecurity protection market, companies need to break out of some of the silos they have built into their organisations, or risk exposing vulnerabilities to the ever-growing threat of cybercrime.
Business culture issues crop up too regularly to be ignored. Whether it’s a privacy officer locking down data that could prove critical to ensure a company’s cybersecurity, security officers failing to explain to other business units how to use a new piece of technology or software in a safe way, or business development executives cutting corners on security to drive down cost these all can leave an organisation exposed to malicious actors. Just as different pieces of software need to work alongside each other, different parts of the business need to work in lockstep to keep cybercriminals out.
Of course, the technical challenge remains. A recent paper from the Center for Strategic and International Studies (CSIS), a top-tier think-tank based in Washington D.C., put the challenge succinctly: “Instead of spending their time responding to threats,” the paper says, “cyber professionals are occupied with managing a complex web of products and services that was supposed to make their jobs easier.”
The proliferation of tools is never going to be solved entirely, but a common set of standards, protocols, taxonomies and foundational open-source software can help ensure that threat intelligence is classified in a common way, anomalies are communicated effectively, and responses are efficient and automatable.
Kent Landfield, our chief standards and technology policy strategist, explained how McAfee approaches interoperability at an event hosted by CSIS in February: “We’re not fighting over the plumbing, or the data communications, but over the real value of the product and what it is bringing to the market.”
In short, Cybersecurity vendors should compete on providing the best solutions, such as threat protection services, to their customers, not on who has the best messaging system or the least-incomplete set of threat-intelligence data.
Work is already being done to solve this issue, through the Open Cybersecurity Alliance, comprising some of the leading interoperability-friendly cybersecurity companies in the market, and information and security executives in companies can help in this effort by building in openness and interoperability into their buying decisions.
Technical and commercial interoperability among vendors is only one part of the solution. Companies need to also look into their own organisation and structure to make sure their security culture allows these tools to be as efficient in tackling cyber threats as possible.